YesCart / YC-539

Rework 'reset password' functionality

    Details

    • Type: Improvement
    • Status: Closed
    • Priority: Major
    • Resolution: Fixed
    • Affects Version/s: 3.0.0
    • Fix Version/s: 3.0.0
    • Component/s: sf server, sf web
    • Labels:

      Description

      Currently the 'reset password' function actually resets the password and sends an email to the user. This could be exploited by other people to cause nuisance, e.g. if a person knows your email they can keep resetting your password. We need to rework this into a two-step process (potentially for registration too). When we reset the password, we create only an authentication token, which is sent in an email, e.g. www.yes-cart.org/yes-shop/activate/authToken/email/bob@doe.com. This triggers a command to reset the password by re-generating it and sending another email confirming the new password.

      TD:
      1. Add new field on CustomerEntity authenticationToken
      2. Create ResetPasswordCommand that uses email and authenticationToken to authorise password resetting
      3. Modify RegistrationAspect to send two kinds of emails
      4. Create authorise password reset email template
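
A sketch of the two-step flow described in this issue, added here as an illustration and not taken from the YesCart code base. The class and method names (`Customer`, `requestReset`, `confirmReset`) are hypothetical; the token lifetime and single-use handling are assumptions the issue does not state.

```java
import java.nio.charset.StandardCharsets;
import java.security.*;
import java.time.*;
import java.util.*;

public class ResetPasswordSketch {
    /** Hypothetical stand-in for CustomerEntity with the new authenticationToken field. */
    static class Customer {
        String password = "unchanged";   // a real store keeps a password hash
        String authenticationToken;      // null when no reset is pending
        Instant tokenExpiry;             // assumed: the issue does not mention expiry
    }
    static final SecureRandom RNG = new SecureRandom();
    static final Duration TOKEN_TTL = Duration.ofMinutes(30);   // assumed lifetime
    static final Map<String, Customer> CUSTOMERS = new HashMap<>();
    static String random(int bytes) {
        byte[] buf = new byte[bytes];
        RNG.nextBytes(buf);
        return Base64.getUrlEncoder().withoutPadding().encodeToString(buf);
    }
    /** Step 1: issue a token only; the current password keeps working. */
    static String requestReset(String email, Instant now) {
        Customer c = CUSTOMERS.get(email);
        if (c == null) return null;
        c.authenticationToken = random(32);
        c.tokenExpiry = now.plus(TOKEN_TTL);
        return c.authenticationToken;    // goes into the emailed link
    }
    /** Step 2: reset only for a matching, pending, unexpired token. */
    static String confirmReset(String email, String token, Instant now) {
        Customer c = CUSTOMERS.get(email);
        if (c == null || c.authenticationToken == null || token == null) return null;
        boolean match = MessageDigest.isEqual(   // constant-time comparison
                c.authenticationToken.getBytes(StandardCharsets.UTF_8),
                token.getBytes(StandardCharsets.UTF_8));
        if (!match || now.isAfter(c.tokenExpiry)) return null;
        c.authenticationToken = null;            // single use
        c.password = random(12);                 // re-generated password
        return c.password;                       // goes into the confirmation email
    }
    public static void main(String[] args) {
        Instant t0 = Instant.parse("2024-01-01T00:00:00Z");   // constructed clock
        CUSTOMERS.put("bob@doe.com", new Customer());
        String token = requestReset("bob@doe.com", t0);
        System.out.println("password untouched: " + CUSTOMERS.get("bob@doe.com").password);
        System.out.println("wrong token: " + confirmReset("bob@doe.com", "guess", t0));
        System.out.println("valid token: " + (confirmReset("bob@doe.com", token, t0) != null));
        System.out.println("replayed token: " + confirmReset("bob@doe.com", token, t0));
    }
}
```

Repeated calls to `requestReset` only replace the pending token, so someone who knows the email address can no longer change the account's password.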

            People

            • Assignee:
              denis.lozenko Denis Lozenko (Inactive)
              Reporter:
              denis Denis Pavlov